[New] Added new XmlDomSigner with tests
This commit is contained in:
parent
c947260853
commit
779bdbb3c1
|
@ -0,0 +1,245 @@
|
|||
package ch.eitchnet.utils.helper;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.security.KeyStore;
|
||||
import java.security.KeyStore.PrivateKeyEntry;
|
||||
import java.security.PublicKey;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.UUID;
|
||||
|
||||
import javax.xml.crypto.dsig.CanonicalizationMethod;
|
||||
import javax.xml.crypto.dsig.DigestMethod;
|
||||
import javax.xml.crypto.dsig.Reference;
|
||||
import javax.xml.crypto.dsig.SignatureMethod;
|
||||
import javax.xml.crypto.dsig.SignedInfo;
|
||||
import javax.xml.crypto.dsig.Transform;
|
||||
import javax.xml.crypto.dsig.XMLSignature;
|
||||
import javax.xml.crypto.dsig.XMLSignatureFactory;
|
||||
import javax.xml.crypto.dsig.dom.DOMSignContext;
|
||||
import javax.xml.crypto.dsig.dom.DOMValidateContext;
|
||||
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
|
||||
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
|
||||
import javax.xml.crypto.dsig.keyinfo.X509Data;
|
||||
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
|
||||
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.Transformer;
|
||||
import javax.xml.transform.TransformerException;
|
||||
import javax.xml.transform.TransformerFactory;
|
||||
import javax.xml.transform.TransformerFactoryConfigurationError;
|
||||
import javax.xml.transform.dom.DOMSource;
|
||||
import javax.xml.transform.stream.StreamResult;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.w3c.dom.Document;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
public class XmlDomSigner {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(XmlDomSigner.class);
|
||||
|
||||
private PrivateKeyEntry keyEntry;
|
||||
private X509Certificate cert;
|
||||
|
||||
public XmlDomSigner(File keyStorePath, String alias, char[] password) {
|
||||
try {
|
||||
|
||||
KeyStore ks = KeyStore.getInstance("JKS");
|
||||
ks.load(new FileInputStream(keyStorePath), password);
|
||||
this.keyEntry = (PrivateKeyEntry) ks.getEntry(ks.aliases().nextElement(),
|
||||
new KeyStore.PasswordProtection(password));
|
||||
|
||||
this.cert = (X509Certificate) this.keyEntry.getCertificate();
|
||||
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(
|
||||
"Failed to read certificate and private key from keystore " + keyStorePath + " and alias " + alias);
|
||||
}
|
||||
}
|
||||
|
||||
public void sign(Document document) throws RuntimeException {
|
||||
|
||||
try {
|
||||
|
||||
String id = "Signed_" + UUID.randomUUID().toString();
|
||||
Element rootElement = document.getDocumentElement();
|
||||
rootElement.setAttribute("ID", id);
|
||||
rootElement.setIdAttribute("ID", true);
|
||||
|
||||
// Create a DOM XMLSignatureFactory that will be used to
|
||||
// generate the enveloped signature.
|
||||
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
|
||||
|
||||
// Create a Reference to the enveloped document (in this case,
|
||||
// you are signing the whole document, so a URI of "" signifies
|
||||
// that, and also specify the SHA1 digest algorithm and
|
||||
// the ENVELOPED Transform.
|
||||
List<Transform> transforms = new ArrayList<>();
|
||||
transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
|
||||
transforms.add(fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
|
||||
DigestMethod digestMethod = fac.newDigestMethod(DigestMethod.SHA1, null);
|
||||
Reference ref = fac.newReference("#" + id, digestMethod, transforms, null, null);
|
||||
//Reference ref = fac.newReference("", digestMethod, transforms, null, null);
|
||||
|
||||
// Create the SignedInfo.
|
||||
SignedInfo signedInfo = fac.newSignedInfo(
|
||||
fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), //
|
||||
fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), //
|
||||
Collections.singletonList(ref));
|
||||
|
||||
// Load the KeyStore and get the signing key and certificate.
|
||||
|
||||
// Create the KeyInfo containing the X509Data.
|
||||
KeyInfoFactory kif = fac.getKeyInfoFactory();
|
||||
List<Object> x509Content = new ArrayList<>();
|
||||
x509Content.add(this.cert.getSubjectX500Principal().getName());
|
||||
x509Content.add(this.cert);
|
||||
X509Data xd = kif.newX509Data(x509Content);
|
||||
KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(xd));
|
||||
|
||||
// Create a DOMSignContext and specify the RSA PrivateKey and
|
||||
// location of the resulting XMLSignature's parent element.
|
||||
DOMSignContext dsc = new DOMSignContext(this.keyEntry.getPrivateKey(), rootElement);
|
||||
//dsc.setDefaultNamespacePrefix("samlp");
|
||||
dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
|
||||
|
||||
// Create the XMLSignature, but don't sign it yet.
|
||||
XMLSignature signature = fac.newXMLSignature(signedInfo, keyInfo);
|
||||
|
||||
// Marshal, generate, and sign the enveloped signature.
|
||||
signature.sign(dsc);
|
||||
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Failed to sign document", e);
|
||||
}
|
||||
}
|
||||
|
||||
public void validate(Document doc) throws RuntimeException {
|
||||
|
||||
try {
|
||||
|
||||
// Create a DOM XMLSignatureFactory that will be used to
|
||||
// generate the enveloped signature.
|
||||
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
|
||||
|
||||
// Find Signature element.
|
||||
NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
|
||||
if (nl.getLength() == 0) {
|
||||
throw new Exception("Cannot find Signature element!");
|
||||
} else if (nl.getLength() > 1) {
|
||||
throw new Exception("Found multiple Signature elements!");
|
||||
}
|
||||
|
||||
// Load the KeyStore and get the signing key and certificate.
|
||||
PublicKey publicKey = this.keyEntry.getCertificate().getPublicKey();
|
||||
|
||||
// Create a DOMValidateContext and specify a KeySelector
|
||||
// and document context.
|
||||
Node signatureNode = nl.item(0);
|
||||
DOMValidateContext valContext = new DOMValidateContext(publicKey, signatureNode);
|
||||
valContext.setDefaultNamespacePrefix("samlp");
|
||||
valContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
|
||||
valContext.putNamespacePrefix("urn:oasis:names:tc:SAML:2.0:protocol", "samlp");
|
||||
valContext.putNamespacePrefix("urn:oasis:names:tc:SAML:2.0:assertion", "saml");
|
||||
valContext.setIdAttributeNS(doc.getDocumentElement(), null, "ID");
|
||||
|
||||
// Unmarshal the XMLSignature.
|
||||
valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
|
||||
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
|
||||
|
||||
// Validate the XMLSignature.
|
||||
boolean coreValidity = signature.validate(valContext);
|
||||
|
||||
// Check core validation status.
|
||||
if (!coreValidity) {
|
||||
logger.error("Signature failed core validation");
|
||||
boolean sv = signature.getSignatureValue().validate(valContext);
|
||||
logger.error("signature validation status: " + sv);
|
||||
if (!sv) {
|
||||
// Check the validation status of each Reference.
|
||||
Iterator<?> i = signature.getSignedInfo().getReferences().iterator();
|
||||
for (int j = 0; i.hasNext(); j++) {
|
||||
boolean refValid = ((Reference) i.next()).validate(valContext);
|
||||
logger.error("ref[" + j + "] validity status: " + refValid);
|
||||
}
|
||||
}
|
||||
throw new RuntimeException("Uh-oh validation, failed!");
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
if (e instanceof RuntimeException)
|
||||
throw (RuntimeException) e;
|
||||
throw new RuntimeException("Failed to validate document", e);
|
||||
}
|
||||
}
|
||||
|
||||
public static byte[] transformToBytes(Document doc) {
|
||||
try {
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
TransformerFactory tf = TransformerFactory.newInstance();
|
||||
Transformer transformer = tf.newTransformer();
|
||||
transformer.transform(new DOMSource(doc), new StreamResult(out));
|
||||
return out.toByteArray();
|
||||
} catch (TransformerFactoryConfigurationError | TransformerException e) {
|
||||
throw new RuntimeException("Failed to transform document to bytes!", e);
|
||||
}
|
||||
}
|
||||
|
||||
public static void writeTo(Document doc, File file) {
|
||||
try {
|
||||
writeTo(doc, new FileOutputStream(file));
|
||||
} catch (FileNotFoundException e) {
|
||||
throw new RuntimeException("Failed to write document to " + file.getAbsolutePath(), e);
|
||||
}
|
||||
}
|
||||
|
||||
public static void writeTo(Document doc, OutputStream out) {
|
||||
try {
|
||||
TransformerFactory tf = TransformerFactory.newInstance();
|
||||
Transformer transformer = tf.newTransformer();
|
||||
transformer.transform(new DOMSource(doc), new StreamResult(out));
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Failed to write document to output stream!", e);
|
||||
}
|
||||
}
|
||||
|
||||
public static Document parse(byte[] bytes) {
|
||||
return parse(new ByteArrayInputStream(bytes));
|
||||
}
|
||||
|
||||
public static Document parse(File signedXmlFile) {
|
||||
try {
|
||||
return parse(new FileInputStream(signedXmlFile));
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Failed to parse signed file at " + signedXmlFile.getAbsolutePath(), e);
|
||||
}
|
||||
}
|
||||
|
||||
public static Document parse(InputStream in) {
|
||||
|
||||
Document doc;
|
||||
try {
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
dbf.setNamespaceAware(true);
|
||||
doc = dbf.newDocumentBuilder().parse(in);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Failed to parse input stream", e);
|
||||
}
|
||||
|
||||
return doc;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,185 @@
|
|||
package ch.eitchnet.utils.helper;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import java.io.File;
|
||||
import java.text.SimpleDateFormat;
|
||||
import java.util.Calendar;
|
||||
import java.util.TimeZone;
|
||||
|
||||
import javax.xml.crypto.dsig.XMLSignature;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.w3c.dom.Document;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.NodeList;
|
||||
|
||||
public class XmlSignHelperTest {
|
||||
|
||||
private static XmlDomSigner helper;
|
||||
|
||||
@BeforeClass
|
||||
public static void beforeClass() {
|
||||
helper = new XmlDomSigner(new File("src/test/resources/test.jks"), "client", "changeit".toCharArray());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldSign() {
|
||||
Document document = createDoc();
|
||||
helper.sign(document);
|
||||
|
||||
assertSignatureElemExists(document);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldSignWithNamespaces() {
|
||||
|
||||
Document document = createDocWithNamespaces();
|
||||
|
||||
// hack for signing with namespaces problem
|
||||
document = XmlDomSigner.parse(XmlDomSigner.transformToBytes(document));
|
||||
|
||||
helper.sign(document);
|
||||
|
||||
assertSignatureElemExists(document);
|
||||
}
|
||||
|
||||
private void assertSignatureElemExists(Document document) {
|
||||
NodeList nl = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
|
||||
assertEquals("Expected exactly one Signature element!", 1, nl.getLength());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldValidate() {
|
||||
|
||||
File signedXmlFile = new File("src/test/resources/SignedXmlFile.xml");
|
||||
Document document = XmlDomSigner.parse(signedXmlFile);
|
||||
helper.validate(document);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldValidateWithNamespaces() {
|
||||
|
||||
File signedXmlFile = new File("src/test/resources/SignedXmlFileWithNamespaces.xml");
|
||||
Document document = XmlDomSigner.parse(signedXmlFile);
|
||||
helper.validate(document);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldSignAndValidate() {
|
||||
|
||||
Document document = createDoc();
|
||||
|
||||
helper.sign(document);
|
||||
helper.validate(document);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldSignAndValidateWithNamespaces() {
|
||||
|
||||
Document document = createDocWithNamespaces();
|
||||
|
||||
// hack for signing with namespaces problem
|
||||
document = XmlDomSigner.parse(XmlDomSigner.transformToBytes(document));
|
||||
|
||||
helper.sign(document);
|
||||
helper.validate(document);
|
||||
}
|
||||
|
||||
public static Document createDoc() {
|
||||
|
||||
String issuer = "test";
|
||||
String destination = "test";
|
||||
String assertionConsumerServiceUrl = "test";
|
||||
Calendar issueInstant = Calendar.getInstance();
|
||||
|
||||
// create dates
|
||||
SimpleDateFormat simpleDf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
|
||||
simpleDf.setTimeZone(TimeZone.getTimeZone("UTC"));
|
||||
String issueInstantS = simpleDf.format(issueInstant.getTime());
|
||||
String notBeforeS = issueInstantS;
|
||||
issueInstant.add(Calendar.SECOND, 10);
|
||||
String notOnOrAfterS = simpleDf.format(issueInstant.getTime());
|
||||
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
dbf.setNamespaceAware(true);
|
||||
DocumentBuilder docBuilder;
|
||||
try {
|
||||
docBuilder = dbf.newDocumentBuilder();
|
||||
} catch (ParserConfigurationException e) {
|
||||
throw new RuntimeException("Failed to configure document builder!", e);
|
||||
}
|
||||
Document doc = docBuilder.newDocument();
|
||||
|
||||
Element authnReqE = doc.createElement("AuthnRequest");
|
||||
authnReqE.setAttribute("Version", "2.0");
|
||||
authnReqE.setAttribute("IssueInstant", issueInstantS);
|
||||
authnReqE.setAttribute("ProtocolBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
|
||||
authnReqE.setAttribute("AssertionConsumerServiceURL", assertionConsumerServiceUrl);
|
||||
authnReqE.setAttribute("Destination", destination);
|
||||
doc.appendChild(authnReqE);
|
||||
|
||||
Element issuerE = doc.createElement("Issuer");
|
||||
issuerE.setTextContent(issuer);
|
||||
authnReqE.appendChild(issuerE);
|
||||
|
||||
Element conditionsE = doc.createElement("Conditions");
|
||||
conditionsE.setAttribute("NotBefore", notBeforeS);
|
||||
conditionsE.setAttribute("NotOnOrAfter", notOnOrAfterS);
|
||||
authnReqE.appendChild(conditionsE);
|
||||
|
||||
return doc;
|
||||
}
|
||||
|
||||
public static Document createDocWithNamespaces() {
|
||||
|
||||
String issuer = "test";
|
||||
String destination = "test";
|
||||
String assertionConsumerServiceUrl = "test";
|
||||
Calendar issueInstant = Calendar.getInstance();
|
||||
|
||||
// create dates
|
||||
SimpleDateFormat simpleDf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
|
||||
simpleDf.setTimeZone(TimeZone.getTimeZone("UTC"));
|
||||
String issueInstantS = simpleDf.format(issueInstant.getTime());
|
||||
String notBeforeS = issueInstantS;
|
||||
issueInstant.add(Calendar.SECOND, 10);
|
||||
String notOnOrAfterS = simpleDf.format(issueInstant.getTime());
|
||||
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
dbf.setNamespaceAware(true);
|
||||
DocumentBuilder docBuilder;
|
||||
try {
|
||||
docBuilder = dbf.newDocumentBuilder();
|
||||
} catch (ParserConfigurationException e) {
|
||||
throw new RuntimeException("Failed to configure document builder!", e);
|
||||
}
|
||||
Document doc = docBuilder.newDocument();
|
||||
|
||||
Element authnReqE = doc.createElementNS("urn:oasis:names:tc:SAML:2.0:protocol", "AuthnRequest");
|
||||
authnReqE.setPrefix("samlp");
|
||||
authnReqE.setAttribute("Version", "2.0");
|
||||
authnReqE.setAttribute("IssueInstant", issueInstantS);
|
||||
authnReqE.setAttribute("ProtocolBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
|
||||
authnReqE.setAttribute("AssertionConsumerServiceURL", assertionConsumerServiceUrl);
|
||||
authnReqE.setAttribute("Destination", destination);
|
||||
doc.appendChild(authnReqE);
|
||||
|
||||
Element issuerE = doc.createElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer");
|
||||
issuerE.setPrefix("saml");
|
||||
issuerE.setTextContent(issuer);
|
||||
authnReqE.appendChild(issuerE);
|
||||
|
||||
Element conditionsE = doc.createElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "Conditions");
|
||||
conditionsE.setPrefix("saml");
|
||||
conditionsE.setAttribute("NotBefore", notBeforeS);
|
||||
conditionsE.setAttribute("NotOnOrAfter", notOnOrAfterS);
|
||||
authnReqE.appendChild(conditionsE);
|
||||
|
||||
return doc;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,20 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?><AuthnRequest AssertionConsumerServiceURL="test" Destination="test" ID="Signed_b611c86b-51bf-4fd0-91c3-c7348733201f" IssueInstant="2016-03-03T13:34:11Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><Issuer>test</Issuer><Conditions NotBefore="2016-03-03T13:34:11Z" NotOnOrAfter="2016-03-03T13:34:21Z"/><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#Signed_b611c86b-51bf-4fd0-91c3-c7348733201f"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>6bxgcmypqGyvyQFgEqdOk1zLTOg=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>RAWnchzzSHwi84ZJcog6OnkYrGx7rBGBHDsysn1lmP05+AydKzcK7Jw3kbpkGnaaz1DIV/8A/hhA
|
||||
UmOjwAl8RNygtziXuS5fZfvDUidhPugv2EUKeUkH7CwMkLSB5TONC+AS8eEhfyZbl/4GYMd4Jcqx
|
||||
OQJgBRMNT6zfybFY+wfJDceFUqCCmyXFgcGBmtSjJqQivwH4B8k1ui49hO67ItCBcCo0aKpqoIxF
|
||||
UA2IZCDvmrdR/qCq/oA9ssjUzpC+yJMvwPtZ6LDdoWt+MDzDBkCKA6lKUqtU51rZ8GwoRLve8FXH
|
||||
vCG/ZiqxKn4JwBQL2DiFuZVXhrrMvLpYyi4ZRA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509SubjectName>CN=test,OU=ch.eitchnet.utils,O=ch.eitchnet,L=Solothurn,ST=Solothurn,C=CH</ds:X509SubjectName><ds:X509Certificate>MIIDizCCAnOgAwIBAgIEPPVdzDANBgkqhkiG9w0BAQsFADB2MQswCQYDVQQGEwJDSDESMBAGA1UE
|
||||
CBMJU29sb3RodXJuMRIwEAYDVQQHEwlTb2xvdGh1cm4xFDASBgNVBAoTC2NoLmVpdGNobmV0MRow
|
||||
GAYDVQQLExFjaC5laXRjaG5ldC51dGlsczENMAsGA1UEAxMEdGVzdDAeFw0xNjAzMDMxMzEwMTRa
|
||||
Fw0xNjA2MDExMzEwMTRaMHYxCzAJBgNVBAYTAkNIMRIwEAYDVQQIEwlTb2xvdGh1cm4xEjAQBgNV
|
||||
BAcTCVNvbG90aHVybjEUMBIGA1UEChMLY2guZWl0Y2huZXQxGjAYBgNVBAsTEWNoLmVpdGNobmV0
|
||||
LnV0aWxzMQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxW8E
|
||||
F/odm00xQTRQ95b9RtpmiQo3OQfpkE344vyp48BpOHMm8Q+sjTHde6hGUQQ3FSp6jUZtJBmuXDp+
|
||||
hFa4zNp1vleASqmUw4VCZZN1BgHx6coWA1zw/GWyCOFHvr+JTP6/LAfemudOnQVWKx6/NkMEgjNm
|
||||
OR3qsbfj1km/VlfnIAOG9SvFvydp+Jan7y+nIKllEEXpcQFeiWouvC572aptu9k9qe43mRoQHJ96
|
||||
IngJHLONi27SBsF31ipvoHjkYEaTYfv8Izf5wt7h+8tZipFHu0+5r7LbZDRhSWzopC5KZakgVgLG
|
||||
0JYEzcLotOCf9hmDDZZAAv3OyLoMqN8F0QIDAQABoyEwHzAdBgNVHQ4EFgQUd38xdRA7VcrWcjmz
|
||||
CYmbBMD4SaUwDQYJKoZIhvcNAQELBQADggEBACqDrXrrYG2sfFBRTIQVni291q8tDqJ1etim1fND
|
||||
s9ZdYa2oKTaLjMswdlE5hVXtEvRrN+XX3TIAK0lfiDwF4E4JBDww4a3SefEbwPvx110WN6CTE1NI
|
||||
P6IPCUB7e5QOlg4uKAJoZfnY6HboRiHbeOQxIeis3Q9XpqQSYrO4/NzxFt66m48BHLqf8Hwi90GY
|
||||
VYMljqr+hHvUTQWGzFD3NKr9Fq6yO2GcHGc5ifmLjwoz2EDAsSubrccbN+RQRRg3II6gFxyL9PYN
|
||||
HgkGjqdg3v8TiWRxWAFL2MrgNLRzOX9Sl7NMFo6JwiizfLWTgcxZZVIkcU1ZP4heXi5iKUzgsJM=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></AuthnRequest>
|
|
@ -0,0 +1,20 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="test" Destination="test" ID="Signed_c1eee681-6a90-4fed-86bd-777412714e61" IssueInstant="2016-03-03T13:33:25Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">test</saml:Issuer><saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NotBefore="2016-03-03T13:33:25Z" NotOnOrAfter="2016-03-03T13:33:35Z"/><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#Signed_c1eee681-6a90-4fed-86bd-777412714e61"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>KseWAs8E4H1ZGAbyl2EnlZ3RiG4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>KhSDJRxo1u7eNVy1swN5RqA+37oCCeyY8QNCtT1RFz8UVZFqmXGiurscbctKA+tiYSekW4OkxEg9
|
||||
Nv03OGJcYlksdZ5CCGlsioac+NY/z2QngtlDaFudKIHwj9yZ9zMdiKT/4kdwnUQP+p9tzYV9GeA9
|
||||
gesLOielMdj382XoFQ/CIbrJevE4vpn9FSitbwHXV4kZ3/NxlBPYIgiM9yiTTT0NafFENTS38U+P
|
||||
k1tL32FcDfHytWN6Twl2ZbHrRYltba/ncxaqkauMA37r9v2f+HS+hXXNluLTazRzAxnhSaetjPOt
|
||||
GFP/nkG0TcRbiZFTP3YwIHeo94v2d/fs6rKHiQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509SubjectName>CN=test,OU=ch.eitchnet.utils,O=ch.eitchnet,L=Solothurn,ST=Solothurn,C=CH</ds:X509SubjectName><ds:X509Certificate>MIIDizCCAnOgAwIBAgIEPPVdzDANBgkqhkiG9w0BAQsFADB2MQswCQYDVQQGEwJDSDESMBAGA1UE
|
||||
CBMJU29sb3RodXJuMRIwEAYDVQQHEwlTb2xvdGh1cm4xFDASBgNVBAoTC2NoLmVpdGNobmV0MRow
|
||||
GAYDVQQLExFjaC5laXRjaG5ldC51dGlsczENMAsGA1UEAxMEdGVzdDAeFw0xNjAzMDMxMzEwMTRa
|
||||
Fw0xNjA2MDExMzEwMTRaMHYxCzAJBgNVBAYTAkNIMRIwEAYDVQQIEwlTb2xvdGh1cm4xEjAQBgNV
|
||||
BAcTCVNvbG90aHVybjEUMBIGA1UEChMLY2guZWl0Y2huZXQxGjAYBgNVBAsTEWNoLmVpdGNobmV0
|
||||
LnV0aWxzMQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxW8E
|
||||
F/odm00xQTRQ95b9RtpmiQo3OQfpkE344vyp48BpOHMm8Q+sjTHde6hGUQQ3FSp6jUZtJBmuXDp+
|
||||
hFa4zNp1vleASqmUw4VCZZN1BgHx6coWA1zw/GWyCOFHvr+JTP6/LAfemudOnQVWKx6/NkMEgjNm
|
||||
OR3qsbfj1km/VlfnIAOG9SvFvydp+Jan7y+nIKllEEXpcQFeiWouvC572aptu9k9qe43mRoQHJ96
|
||||
IngJHLONi27SBsF31ipvoHjkYEaTYfv8Izf5wt7h+8tZipFHu0+5r7LbZDRhSWzopC5KZakgVgLG
|
||||
0JYEzcLotOCf9hmDDZZAAv3OyLoMqN8F0QIDAQABoyEwHzAdBgNVHQ4EFgQUd38xdRA7VcrWcjmz
|
||||
CYmbBMD4SaUwDQYJKoZIhvcNAQELBQADggEBACqDrXrrYG2sfFBRTIQVni291q8tDqJ1etim1fND
|
||||
s9ZdYa2oKTaLjMswdlE5hVXtEvRrN+XX3TIAK0lfiDwF4E4JBDww4a3SefEbwPvx110WN6CTE1NI
|
||||
P6IPCUB7e5QOlg4uKAJoZfnY6HboRiHbeOQxIeis3Q9XpqQSYrO4/NzxFt66m48BHLqf8Hwi90GY
|
||||
VYMljqr+hHvUTQWGzFD3NKr9Fq6yO2GcHGc5ifmLjwoz2EDAsSubrccbN+RQRRg3II6gFxyL9PYN
|
||||
HgkGjqdg3v8TiWRxWAFL2MrgNLRzOX9Sl7NMFo6JwiizfLWTgcxZZVIkcU1ZP4heXi5iKUzgsJM=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:AuthnRequest>
|
Binary file not shown.
Loading…
Reference in New Issue